The Codecov Bash Uploader tool, used widely in many development environments, was compromised in January, potentially causing serious downstream problems.
The U.S. federal agency advisory on the active exploits of five flaws comes in tandem with the U.S. government formally attributing the SolarWinds supply-chain attack to Russian Foreign Intelligence Service (SVR) actors.
The U.S. has imposed new economic sanctions against the Russian government and several IT security companies in the wake of the SolarWinds intrusion and other attacks.
The Lazarus threat group utilized a modified JavaScript sniffer to steal cryptocurrency from unsuspecting e-commerce website consumers.
Mac security researcher Patrick Wardle joins Dennis Fisher to talk about the evolution of Mac malware, the relative security of macOS to other platforms, and Apple's current approach to platform safety.
The FBI issued remote commands to compromised Exchange servers to remove webshells with the authority of a court order.
Researchers found nine flaws that highlight the weaknesses of DNS protocol implementations in TCP/IP network communication stacks.
Microsoft has released patches for a Windows bug that is being exploited in the wild and for four new Exchange vulnerabilities.
Up to 97 percent of organizations reported facing mobile threats that used multiple attack vectors during 2020, as cybercriminals continue to adopt new tactics to target mobile devices.
President Biden plans to nominate Jen Easterly, a former Army officer and NSA official, to head the Cybersecurity and Infrastructure Security Agency.
The IcedID trojan is taking up some of the slack left behind when the Emotet botnet was taken down, with new evasion and infection flows.
An 18-month malware campaign on a gambling company reveals how the Iron Tiger threat group has updated its toolkit.
Attackers exploited a previously disclosed flaw in Fortinet VPN servers in order to hit European industrial firms with the Cring ransomware.
Charles Shirer, a red teamer, hacker, and FreeBSD enthusiast, joins Dennis Fisher to talk about his path to working in security, learning to hack, and his motivational videos.
Idan Plotnik of Apiiro Security discusses the value of a risk-based approach to software development and deployment.